User Management

Energylogserver SIEM Platform

Energylogserver SIEM provides essential user management capabilities to support security operations teams with appropriate access controls and user lifecycle management.

Note: Advanced authentication methods (LDAP, SAML, RADIUS) are covered in Configuration. This chapter focuses on practical user lifecycle and role management.

Table of Contents

  1. User Lifecycle Management

  2. Role-Based Access Control

  3. Field Level Security

  4. Users Limit for Role

User Lifecycle Management

User Creation

Standard User Creation:

Navigate to ELS ConsoleManagementConfig

Required fields:

  • Username: Unique identifier (3-50 characters)

  • Password: User password

  • Email: Valid email for notifications

  • Role: Roles that user will be assigned to

User Modification

Profile Updates:

  • Users can modify their password

  • Admin can modify password, email, GUI Access, Roles, Default Role

Role-Based Access Control

Predefined Roles

The system provides the following predefined roles:

  • admin: Complete system administration with full access to all features and configurations

  • alert: Access to alert management and configuration

  • e-doc: Electronic document management capabilities

  • intelligence: Threat intelligence and analytics features

  • license: License management and monitoring

  • logstash: Network Probe and data pipeline configuration

  • report: Report generation and management

  • security: Security operations and monitoring

  • security-tenant: Multi-tenancy security management

Custom Role Creation

Process:

Navigate to ELS ConsoleManagementConfigUser ManagementCreate Role

Role Parameters:

  • Role Name*: Unique identifier for the role (required)

  • Paths*: Index patterns that the role can access (required). You can provide one or more index patterns separated by commas

  • Methods*: HTTP methods allowed for this role (required). Available methods: GET, POST, PUT, DELETE, HEAD

  • Apps*: Applications/modules accessible by this role (required)

  • Users limit: Maximum number of users that can be assigned to this role. Leave empty for unlimited, or enter a number greater than 0

  • Field Includes: Specific fields that will be visible to users with this role

  • Field Excludes: Fields that will be hidden from users with this role

Field Level Security

Field level security allows you to restrict access to specific fields in documents for a user role. For example, users can only view specific fields in the Discovery module, while other fields will be inaccessible.

Configuration Steps:

  1. Add the index pattern to the Field Includes or Field Excludes parameters when creating or editing a role:

    • Field Includes: Only specified fields will be visible to the user

    • Field Excludes: Specified fields will be hidden from the user

  2. The new role will appear in the Role List tab:

  3. Assign users to the new role:

  4. When users log in with this role, they will only see the permitted fields in the Discovery module:

Users Limit for Role

This feature allows administrators to define the maximum number of users that can be assigned to a specific role. Once the limit is reached, no additional users can be added to that role until existing assignments are removed or the limit is increased.

Purpose:

Role user limits help organizations maintain compliance with licensing requirements and enforce security policies by controlling role assignments based on organizational needs.

Configuration:

When creating or editing a role under ManagementConfigUser Management, you can specify the Users limit parameter:

  • Leave the field empty for unlimited users

  • Enter a number greater than 0 to set a specific limit

Behavior:

  • When the user limit is reached, administrators cannot assign additional users to that role

  • For non-local users (such as LDAP users) with roles assigned dynamically, if a login attempt would exceed the role’s user limit, the login will fail

  • A clear error message will be displayed on the login screen indicating that the role limit has been reached

  • System users are not counted toward role limits to ensure system functionality is not affected by administrative limits

Example Use Cases:

  • Limiting the number of administrative users for security compliance

  • Controlling analyst role assignments based on license restrictions

  • Managing role distribution across departments or teams

  • Enforcing organizational policies on privileged access